New privacy czar might have Google's hardest job

Alma Whitten is taking on one of Google's most important and perhaps impossible jobs as the face of its commitment to privacy.

Google's Alma Whitten, director of privacy
Google

Whitten, a seven-year Google engineer with a background in privacy and security, was named director of privacy for the company Friday in a blog post in which Google acknowledged that its Wi-Fi spying debacle had snared e-mail addresses and passwords. Already leading a team focused on privacy issues, she's now getting more resources and a lot more responsibility in hopes of preventing incidents like the Wi-Fi issue from happening again and convincing the public that Google takes privacy seriously.

In an interview with CNET today, Whitten stressed that "my responsibility is to drive privacy from within product and engineering, and that encompasses whatever it needs to encompass." She will report to Jonathan Rosenberg, senior vice president for product management, and Bill Coughran, senior vice president of engineering.

Privacy is a touchy area for Google, a company with an inexhaustible thirst for the data it believes it needs to solve the information engineering problems of the world. Google says it has safeguards in place to protect the data that it collects and that users willingly provide it, but systems are fallible, as Google has proved twice this year with the Wi-Fi scandal and the firing of David Barksdale, an engineer who abused his authority to break into the Gmail and Google Voice accounts of children in the Seattle area.

In the blog post announcing Whitten's appointment, Google said it would be increasing the amount of training its employees receive on privacy issues and put in place new processes for reviewing its products based on privacy-related criteria. Whitten's job will be to monitor the execution of these policies across Google's massive array of products, from Android and Chrome to Gmail and YouTube.

"We're really trying to have something that's going to be broad but targeted where appropriate," Whitten told CNET today. She won't necessarily have veto power over certain product features that her team judges to cross a privacy line, but she will have access to leaders of those product groups to argue her case for removing a troubling line of code or tweaking a default setting, for example.

Those leaders will have to go through additional reviews before their team can ship products, she said, having to sign off on what kind of personal data their product uses, how it is collected, and what plans are in store for that data. The goal is to provide "enough checks and balances that we should catch just about everything," but Whitten admitted there's no way Google will ever be able to catch everything.

But what will Whitten really be able to accomplish? Some in the privacy community are likely to see her appointment as a public-relations stunt designed to thwart critics, and it's not clear how much authority she'll be able to wield in internal disputes with leaders of important projects.

That leads to the second part of her job: outreach to the privacy community and the public. "There's a lot of onus on us to find a way to be Stephen Jay Gould and explain (our approach to data). Mysteriousness is frightening to people," she said, referring to the scientist known for his frequent essays on evolutionary theory.

Whitten is based in London, and plans to continue operating out of that office even though most of Google's engineering teams sit eight time zones away in California. Google has faced stronger criticism in Europe than it has at home, due in part to the fact that many Europeans believe "privacy is a fundamental human right," she said. She thinks there is value in living and traveling readily around Europe to better understand those concerns, with the ability to draw upon five years of experience working in Mountain View to manage connections to Googlers at home and make sure she's in contact with the right people inside the company.

Whitten also plans to further encourage Google to fund research into privacy at colleges and universities. For example, Google has funded research by Ryan Calo of Stanford University on new and better ways of presenting privacy decisions to technology users and research at Cambridge University in the U.K. on privacy issues with crowdsourced data.

But she's also likely to be the public figure that Google turns to when it has to defend itself against privacy advocates or regulators concerned about the company's practices, which could make for some pressure-packed moments before investigators, hostile conferences, and even fellow employees who might see her as a Googly version of the internal affairs bureau.

Whitten's work at Google is only going to become more vital to the company's future as time goes on. She brought up internal discussions about Google Goggles, and the conscious decision the company made to avoid building face-recognition features from the product even though the technology was available.

"It's more and more the case that every individual is going around with a cheap yet powerful data-capture device, and the ability to connect that device to powerful data services. There's a whole interesting minefield to be picked through," she said, noting that it's useless to develop privacy philosophies and practices for the present: future considerations must be addressed.

Whitten also made it clear, however, that her role is not to stand in the way of Google's experiments with new technology.

"We need to stay an ambitious company," she said. "We need to build powerful information tools that are equally available to everyone, and if we are sufficiently transparent about (those tools and how they use
data), then the outside world gets to say, yes, it's worth it, we want those tools."